Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

Performance and security tradeoff

Wolter, Katinka and Reinecke, Philipp ORCID: https://orcid.org/0000-0002-2411-0891 2010. Performance and security tradeoff. Presented at: SFM 2010: 10th International School on Formal Methods for the Design of Computer, Communication and Software Systems, Bertinoro, Italy, 21-26 June 2010. Published in: Aldini, Alessandro, Bernardo, Marco, Di Pierro, Alessandra and Wiklicky, Herbert eds. Formal Methods for Quantitative Aspects of Programming Languages: 10th International School on Formal Methods for the Design of Computer, Communication and Software Systems, SFM 2010, Bertinoro, Italy, June 21-26, 2010, Advanced Lectures. Lecture notes in computer science. Lecture Notes in Computer Science , vol.6154 Springer, 135 - 167. 10.1007/978-3-642-13678-8_4

Full text not available from this repository.

Abstract

A tradeoff is a situation that involves losing one quality or aspect of something in return for gaining another quality or aspect. Speaking about the tradeoff between performance and security indicates that both, performance and security, can be measured, and that to increase one, we have to pay in terms of the other. While established metrics for performance of systems exist this is not quite the case for security. In this chapter we present standard performance metrics and discuss proposed security metrics that are suitable for quantification. The dilemma of inferior metrics can be solved by considering indirect metrics such as computation cost of security mechanisms. Security mechanisms such as encryption or security protocols come at a cost in terms of computing resources. Quantification of performance has long been done by means of stochastic models. With growing interest in the quantification of security stochastic modelling has been applied to security issues as well. This chapter reviews existing approaches in the combined analysis and evaluation of performance and security. We find that most existing approaches take either security or performance as given and investigate the respective other. For instance [34] investigates the performance of a server running a security protocol, while [21] quantifies security without considering the cost of increased security. For special applications, mobile Ad-hoc networks in [5] and the email system in [32] we will see that models exist which can be used to explore the performance-security tradeoff. To illustrate general aspects of the security-performance tradeoff we set up a simple Generalised Stochastic Petri Net (GSPN) model that allows us to study both, performance and security and especially the tradeoff between both. We formulate metrics, such as cost and an abstract combined performance and security measure that explicitly express the tradeoff and we show that system parameters can be found that optimise those metrics. These parameters are optimal for neither performance nor security, but for the combination of both.

Item Type: Conference or Workshop Item (Paper)
Date Type: Publication
Status: Published
Schools: Computer Science & Informatics
Publisher: Springer
ISBN: 9783642136771
ISSN: 1611-3349
Last Modified: 26 Oct 2022 07:13
URI: https://orca.cardiff.ac.uk/id/eprint/124311

Citation Data

Cited 27 times in Scopus. View in Scopus. Powered By Scopus® Data

Actions (repository staff only)

Edit Item Edit Item